In version 2.4, MongoDB Enterprise includes Kerberos support for integration into existing enterprise security systems, as well as role-based privileges to provide more granular security for your cluster. This session will introduce you to the new security features available in MongoDB.
4. Securing MongoDB 2.2
Authentication
– Simple user/password scheme stored in MongoDB
Authorization
– Per database: no access, read, or read-write
Auditing
– Very Little
5. MongoDB SSL
Keyfile establishes trust
http://docs.mongodb.org/manual/administration/ssl/
Application
SSL encryption
for client
connection
SSL encryption
for inter-server
traffic
Primary Secondary
Data Files Data Files
8. Authentication with password
hash• Use one-way function F
mongod
I am “mark@10gen.com”, let me in
Prove it, here is a random # N
Here is F(N,
hash(<mypwd>))
Nobody else could know
that, welcome back marko!
Knows
only my
passwor
d hash
Hash never
transmitted
over the
network!
9. External Authentication
Use common / standardized authentication
SASL: Simple Authentication and Security Layer
– Framework for building authentication
Kerberos
– GSSAPI, drivers will be updated
– Mixed system.users can work during transition
10. Authentication with Kerberos
KDC
1. I am “mark@10gen.com”,
help me prove it to mongod
to UDP:88 -
2. Here is a TGT
Mongod
3. TCP:27017
Here is a
Kerberos
TGT
4. Welcome,
here is a
Service
Ticket!
{
user: ”mark@10gen.com",
roles: ["readWrite"],
userSource: "$external"
}
Keytab
17. Admin DB
• userAdmin
• clusterAdmin
Accounts
DB
• userAdmin
App1 DB
• userAdmin
• dbAdmin
• readWrite
• read
App2 DB
• userAdmin
• dbAdmin
• readWrite
• read
Password
hashes
18. I can do anything
but I won’t be
required to do much
DB Admin: userAdmin DB Admin: clusterAdmin
I can add and
remove shards
DB Accounts: userAdmin
I can create new
users but I can’t
grant them
privileges to other
DB’s
DB App: userAdmin DB App: dbAdmin
I can grant
privileges to
the App DB
only
I can
create
indices, set
profiling, co
mpact
19. In App.system.users :
{
user: “fred” ,
usersource: “Accounts” ,
roles: [ “userAdmin” ]
}
{
user: “george” ,
usersource: “Accounts” ,
roles: [ “dbAdmin“ ] ,
}
Each DB’s userAdmin gets to
grant privileges separately
DB App: dbAdmin
I can grant
privileges to
the App DB
only
I can
create
indices, set
profiling,
compact
Credentials
from Accounts
DB
DB App: userAdmin
28. MongoDB Partners with
Gazzang
• File System Encryption
• 5% performance hit with HDD, 10-15% with
SSD
File System – All contents encrypted
OS Gazzang
Gazzang
Key Mgmt
33. Disclaimer
Statements about future releases, availability
dates, and feature content reflect plans only, and
10gen is under no obligation to include, develop
or make available, commercially or
otherwise, specific feature discussed a future
MongoDB build. Information is provided for
general understanding only, and is subject to
change at the sole discretion of 10gen in
response to changing market conditions, delivery
schedules, customer requirements, and/or other
factors.
34. Future features
Auditing
– Logging to output userID associated with actions
(SERVER-1891)
Passwords
– Stronger Hashing (SERVER-2380)
Authorization
– User Defined & More Granularity
SSL
– Client & Security Improvements
MongoD does not even need to know the password hash!You can centralize your authentication service – SPOF & SOS
read: access to read documentsreadWrite: access to read and write documentsuserAdmin: manage, modify user access to a dbdbAdmin: compact, repair, validate etc.clusterAdmin: stuff with shards
read: access to read documentsreadWrite: access to read and write documentsuserAdmin: manage, modify user access to a dbdbAdmin: compact, repair, validate etc.clusterAdmin: stuff with shards
With SSD, as the time spent processing data between OS and disk gets proportionally larger since SSD's are so much faster, it means the pert hit is 15%. You still get a major upgrade in speed, but encrypting and decrypting take a larger share.